Commentary on the economic, geopolitical and simply fascinating things going on. Served occasionally with a side of snark.

Thursday, December 19, 2013

National Security Agency controversies cost Boeing a large 4.5 billion USD Jet Fighter order as Brazil chooses Sweden (Saab) over the US (Boeing) and France (Dassault), President Obama's Panel recommendations, and where does Obama stand on the surveillance state created over the past dozen years?

National Security Agency items and President Obama's Panel recommendations. First, my prior NSA post for recent news and views.

(Reuters) - As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry, Reuters has learned.

The claim is that the NSA paid RSA, a commercial firm that (among other things) makes dongles for "secure" logins to places like banks and similar, to insert a bad random number generator into their reference software and make it the default.
As a quick refresh, public-key cryptography relies on true random numbers. If you can guess the sequence -- that is, if the numbers aren't truly random -- you can compromise the encryption. This is much easier than actually trying to break the code itself; think of it as a safe with a big, thick door and a nasty, un-pickable lock -- but because you want to break in you get the owner to install a cheesy $20 screen door on the side of the vault.
This would leave the keys generated by that software "guessable", and RSA was the publisher and owner of the code in question that then wound up -- and is probably still in -- hardware and software found basically everywhere.

RSA a few months ago "urged" its customers to stop using the compromised random generator.
But what of all the code that is out in the "wild" that has this software in it, and this random number generator, and is set to use it?
The bombshell isn't that the flaw was suspected, it is that it is now being alleged that the NSA paid RSA to make the code breakable -- on purpose. Whether RSA knew it was breakable at the time is unknown, but the NSA sure appears to have been fully-aware of it, and if Reuters' reporting is correct they basically paid off the firm to insert it into their software that was then widely distributed to pretty-much everyone.

So you want to trust companies based here in the US when it comes to cryptography eh? Sounds like a good idea to me.
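The point above about guessable random numbers, as an added example that is not part of the original post and is not RSA's code: a toy generator with only 2**16 internal states stands in for a flawed one (the post does not say how the real generator was weakened), and `flawed_session`, `sound_session` and `key_from_public_nonce` are hypothetical names. It shows why a 128-bit key is only as strong as the generator behind it, and how the same audit check comes up empty against the operating system's CSPRNG.

```python
import random
import secrets
from typing import Optional, Tuple

SEED_BITS = 16  # assumption: the toy generator has only 2**16 possible internal states


def flawed_session(seed: int) -> Tuple[bytes, bytes]:
    """Hypothetical flawed product: public nonce and secret key from one weak generator."""
    rng = random.Random(seed)                        # non-cryptographic, fully determined by seed
    nonce = rng.getrandbits(64).to_bytes(8, "big")   # value sent in the clear
    key = rng.getrandbits(128).to_bytes(16, "big")   # value meant to stay secret
    return nonce, key


def sound_session() -> Tuple[bytes, bytes]:
    """The same two values drawn from the operating system's CSPRNG."""
    return secrets.token_bytes(8), secrets.token_bytes(16)


def key_from_public_nonce(nonce: bytes) -> Optional[bytes]:
    """Audit check: is the secret key derivable from the public nonce alone?

    Walks every possible generator state; a match means the 128-bit key
    carries at most SEED_BITS bits of real secrecy.
    """
    for seed in range(2 ** SEED_BITS):
        candidate_nonce, candidate_key = flawed_session(seed)
        if candidate_nonce == nonce:
            return candidate_key
    return None


if __name__ == "__main__":
    # Constructed sample: the seed 0xBEEF is arbitrary and never shown to the auditor.
    nonce, key = flawed_session(0xBEEF)
    print("flawed generator, key derivable:", key_from_public_nonce(nonce) == key)

    nonce, key = sound_session()
    print("OS CSPRNG, key derivable:", key_from_public_nonce(nonce) is not None)
```
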

GCHQ AND NSA TARGETED CHARITIES, GERMANS, ISRAELI PM AND EU CHIEF

British and American intelligence agencies had a comprehensive list of surveillance targets that included the EU's competition commissioner, German government buildings in Berlin and overseas, and the heads of institutions that provide humanitarian and financial help to Africa, top secret documents reveal.

The papers show GCHQ, in collaboration with America's National Security Agency (NSA), was targeting organisations such as the United Nations development programme, the UN's children's charity Unicef and Médecins du Monde, a French organisation that provides doctors and medical volunteers to conflict zones. The head of the Economic Community of West African States (Ecowas) also appears in the documents, along with text messages he sent to colleagues.

One GCHQ document, drafted in January 2009, makes clear the agencies were targeting an email address listed as belonging to another key American ally – the "Israeli prime minister". Ehud Olmert was in office at the time. Three other Israeli targets appeared on GCHQ documents, including another email address understood to have been used to send messages between the then Israeli defence minister, Ehud Barak, and his chief of staff, Yoni Koren.

Matt Blaze has been pointing out that when you read the new White House intelligence task force report and its recommendations on how to reform the NSA and the wider intelligence community, that there may be hints to other excesses not yet revealed by the Snowden documents. Trevor Timm may have spotted a big one. In the recommendation concerning increasing security in online communications, the second sub-point sticks out like a sore thumb:

If you can't read that, it says:

Governments should not use their offensive cyber capabilities to change the amounts held in financial accounts or otherwise manipulate the financial system.

While there have been plenty of reports about the US running hundreds of offensive cyberattacks on others, outside of things like Stuxnet, not many have been directly identified. And I'm unaware of any claims suggesting attempts to "manipulate the financial system" of any particular country and/or to "change the amounts held in financial accounts." It seems a bit odd to come out of the blue like that, and certainly suggests that this particular bullet point likely came as a result of a rather specific thing that came up during the task force's review.

So, now we wait for the inevitable news of what sort of financial shenanigans the NSA was up to.

WaPo: WH justification of NSA surveillance programs “unraveling”

POSTED AT 12:11 PM ON DECEMBER 20, 2013 BY ED MORRISSEY

Is it just me, or did someone misread the calendar over the last 24 hours? This is the third story today that normally would get the Friday-night-document-dump treatment. Instead, the Washington Post runs this right before the last major news cycle of the holiday season — and just hours before Barack Obama’s final press conference of 2013:

From the moment the government’s massive database of citizens’ call records was exposed this year, U.S. officials have clung to two main lines of defense: The secret surveillance program was constitutional and critical to keeping the nation safe.

But six months into the controversy triggered by former NSA contractor Edward Snowden, the viability of those claims is no longer clear.

A day after the panel’s report was made public, U.S. officials said its findings had stunned senior officials at the White House as well as at U.S. intelligence services, prompting a scramble to assess the potential effect of its proposals as well as to calculate its political fallout.

“Unraveling” is putting it mildly. Obama administration officials have said all year that these programs not only provided NSA critical data for preventing terrorist attacks, but had actually stopped terrorist attacks in progress. However, when the panel demanded to see the evidence of such outcomes, they got a big and unpleasant surprise:

A member of the White House review panel on NSA surveillance said he was “absolutely” surprised when he discovered the agency’s lack of evidence that the bulk collection of telephone call records had thwarted any terrorist attacks.

“It was, ‘Huh, hello? What are we doing here?’” said Geoffrey Stone, a University of Chicago law professor, in an interview with NBC News. “The results were very thin.”

While Stone said the mass collection of telephone call records was a “logical program” from the NSA’s perspective, one question the White House panel was seeking to answer was whether it had actually stopped “any [terror attacks] that might have been really big.”

“We found none,” said Stone.

The White House, and especially DNI James Clapper and NSA chief Keith Alexander, have repeatedly insisted — in Congressional testimony — that the so-called 215 program that covers the collection of domestic phone records saved lives. Jay Carney insisted in June that the White House calculated 50 specific threats that the 215 program stopped:

White House press secretary Jay Carney repeatedly described the NSA’s bulk collection of phone records as an “important tool” in efforts to disrupt terrorist plots during a lengthy briefing Thursday afternoon, but sparred with reporters over the White House response to the intel review panel’s assertion that it didn’t prevent a terrorist attack. President Obama, Carney said, stands by his June assertion that “we’ve saved lives. We know of at least 50 threats that have been averted because of this information, so lives have been saved,” thanks to the 215 program. But pressed on how that stance squares with this week’s report, Carney wouldn’t directly push back against the findings that question the controversial program’s essentialness, only repeatedly calling the program “important.”

Instead, the panel found that the 702 programs that surveil foreign communications were critical in stopping terrorist attacks. The 215 program? Er, not so much:

The comparison between 702 overseas interceptions and 215 bulk metadata collection was “night and day,” said Stone. “With 702, the record is very impressive. It’s no doubt the nation is safer and spared potential attacks because of 702. There was nothing like that for 215. We asked the question and they [the NSA] gave us the data. They were very straight about it.”

How does Congress feel about this surprise? Surprised:

“That was stunning. That was the ballgame,” said one congressional intelligence official, who asked not to be publicly identified. “It flies in the face of everything that they have tossed at us.”

Once again, we have to wonder why the people doing the tossing are still around. Alexander is retiring shortly, so firing him is pointless. But why is Obama keeping James Clapper around? Better yet, will Congress take steps to force Clapper to be accountable for his obstruction of their legitimate oversight duties and perjury before Congress?

And an even better question: will anyone in the press corps ask Obama about the dishonest justifications made before Congress for this activity in today’s presser?

The climactic end of a decade-long intercontinental aerial soap opera seems to have yielded two clear winners: Sweden and Snowden.

In a deal regarding 36 jet fighters worth $4.5 billion, Brazilian Defense Minister Celso Amorim announced the Gripen NG, manufactured by Saab, won over the French Rafale, manufactured by Dassault, and the American F/A-18 Super Hornet, manufactured by Boeing.

That was all it took for Swedish media to gleefully hail Edward Snowden – and his revelations about NSA spying on Brazilians - as the decisive factor. That was a factor, of course, but not the whole story.

Amorim went straight to the point; Saab won because the Gripen is tremendous value for money; its maintenance is cheaper; and there will be nearly total technology transfer (something that Boeing would never allow). The fighters will end up being “made in Brazil.”

About that Louis Vuitton plane

And to think that mega-popular former Brazilian President Lula (2003-2010) was in fact inclined toward the Rafale; during his administration Brasilia did buy, for instance, French submarines and helicopters. His Defense Minister Nelson Jobim even quipped that the Gripen only existed on paper.

It’s technically true; the jet fighter is still being developed in six different plants across Sweden. The first units will be delivered to the Swedish government in 2018 – as well as between 3 to 6 Brazilian Gripens.

Lula ended up leaving the crucial decision to his successor Dilma Rousseff. Since early 2011 the outcome was always being postponed because of budget cuts. The inside word in Brasilia is that the Brazilian Air Force had always favored the Gripen.

No wonder Dassault officially took it very badly; the Gripen was dismissed as not nearly as sophisticated as the Rafale.

According to Dassault, the “financial logic” that prevailed did not take into account how “cost-effective” and how awesome the Rafale is. Possibly. But how good is an unexportable jet fighter?

After spending a whopping $40 billion to develop this aerial equivalent of a chic Louis Vuitton bag (no Chinese knock-off), Dassault has landed zero global clients. The only customer is the French government. That brings us to the question of why the Rafale is so expensive. The debate in Paris is fascinating – especially on the heels of President Francois Hollande’s spectacular visit to Brazil last week, when he lobbied heavily for the Rafale.

Roughly, French conservatives insist the much-loathed 35-hour work week, people retiring at 50 with full benefits, high compensation for firing anyone, and high social taxes – characteristic of a “bloated public sector” - jack up the final price. Progressives on the other hand insist France did not lose anything; Dassault did. Paris should rather support and invest in essential sectors for the collective good instead of promoting a weapons manufacturer.

Watch those turbines

Now let’s get to the meat of the matter. The Brazilian Air Force does not need these jets to launch an aerial jihad in South America. They will be essentially used to patrol the enormous borders – Amazon rainforest included – and “securitize” Brazilian air space.

An hour of flight on the Gripen costs $6,000 at the most. For the Super Hornet it’s up to $14,000, and for the Rafale may be up to $15,000. Overall maintenance costs are also lower.

Amorim insisted there will be something like 80 percent of technology transfer; this refers to the structure, not components. The Gripen’s structures are already being projected by AKAER, a firm in Sao Jose dos Campos near Sao Paulo. Embraer wants to build fiber carbon wings. So this will be essentially a Saab/Embraer partnership.

In a parallel front, Swedish paper Svenska Dagbladet has revealed that 50 percent of the Gripen’s components come from abroad – including the turbine, from General Electric (20 percent of the total cost). Amorim does not see this as a problem. He’d better beware.

Former US ambassador to Brazil (2002-2004), Donna Hrinak, is now Boeing’s point woman in the country – yet another case of the corporate/government “revolving door” in Washington. She pulled no punches since September 2011 to make the Rousseff administration swing towards the Super Hornet.

Hrinak was fully aware of the Snowden effect. Yet in a PR blitz, she kept insisting Snowden “cannot affect commercial relations” between the two countries. She pointed out how Embraer sold Super Tucanos to the US Air Force – which, by the way, are now equipped with Boeing missiles. Everything should always be regarded under a “bilateral relation of many years” in which “we share values and interests”.

Well, Brazilians are cynical enough to know what happens to countries that suddenly are deemed to no longer share those “values and interests”. Keep an eye on those GE turbines.

Recommendations in Conflict With Recent Policy

The Review Group on Intelligence and Communications Technologies, appointed by President Obama to review NSA surveillance and offer recommendations, was stacked with insiders and had been widely expected to offer little to no substance.

Yet their 300+ page report has called for some major changes in policy and rethinks in general approach toward surveillance, much more than the administration or pro-surveillance Congressmen had suggested could even be considered.

The telephone metadata proposal, keeping the data under control of a third party, seems relatively minor a change, while other recommendations, including treating foreigners with the same standard as Americans unless there’s a specific reason not to in a specific case, are far afield from the administration’s stance that foreigners are everywhere and always fair game.

The report also recommends an end to using the NSA for industrial espionage or any other surveillance of foreign targets for economic reasons. They also urge an end to government undermining of private encryption.

It remains to be seen if the Obama Administration is going to take many, or indeed any, of the recommendations seriously, as another recommendation to put the NSA under civilian control and split it from the military’s Cyber Command has already been specifically disavowed by the White House, who intends to keep the positions merged.